Lucene search
K

30 matches found

SUSE CVE
SUSE CVE
added 2026/06/25 2:19 a.m.6 views

SUSE CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 9:17 p.m.12 views

CVE-2026-54512

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...

8.1CVSS0.00617EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/23 8:53 p.m.4 views

CVE-2026-54513 jackson-databind: Array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating th...

8.1CVSS5.8AI score0.00677EPSS
Exploits0References6
CVE
CVE
added 2026/06/23 8:47 p.m.37 views

CVE-2026-54517

Summary: CVE-2026-54517 affects jackson-databind. In BeanDeserializer._deserializeUsingPropertyBased, the active-view filter was only applied to creator properties; the path for regular properties lacked a visibleInView check. This allowed setterless Collection/Map properties annotated with a res...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51602

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description The UnwrappedPropertyHandler.processUnwrappedCreatorProperties function replays buffered JSON into creator parameters without consulting...

6.5CVSS5.9AI score0.00211EPSS
Exploits0References13
NVD
NVD
added 2026/05/21 8:16 a.m.14 views

CVE-2026-44055

A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code...

7.5CVSS0.0036EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 7:34 a.m.23 views

CVE-2026-44055

Netatalk 3.1.4–4.4.2 contains a bitwise OR/logic bug that permits shell injection. The issue affects Netatalk’s AFP implementation and can lead to remote command execution (high impact). Fixed in version 4.4.3. Affected: Netatalk 3.1.4–4.4.2; Remediation: upgrade to 4.4.3 or later. Exploitation s...

7.5CVSS6.1AI score0.0036EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/21 7:34 a.m.14 views

CVE-2026-44055

A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code...

7.5CVSS6.1AI score0.0036EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

Netatalk 操作系统命令注入漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.1.4 to 4.4.2 of Netatalk contained a vulnerability related to operating system command injection. This vulnerability...

7.5CVSS6.1AI score0.0036EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.12 views

PT-2026-42412

Name of the Vulnerable Software and Affected Versions Netatalk versions 3.1.4 through 4.4.2 Description A logic error involving bitwise OR operations allows a remote authenticated attacker to perform shell injection, enabling the execution of arbitrary OS commands. Recommendations Update to versi...

9.9CVSS6.1AI score0.00477EPSS
Exploits0References19
OSV
OSV
added 2026/05/04 9:15 p.m.8 views

GHSA-C9PH-GXWW-7744 Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns

Impact A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.4.RELEASE. Although the library provides mechanisms to avoid the execution of potentially dangerous expressions in some specific sandboxed restricted contexts, it fails to...

9CVSS5.8AI score0.00427EPSS
Exploits0References3
CVE
CVE
added 2026/04/30 1:28 p.m.12 views

CVE-2026-2892

Summary (CVE-2026-2892): The Otter Blocks WordPress plugin (all versions up to 3.1.4) is vulnerable to a Purchase Verification Bypass. The root cause is the get_customer_data function relying on an unsigned o_stripe_data cookie to determine Stripe product ownership for unauthenticated users, whil...

7.5CVSS5.3AI score0.0032EPSS
Exploits0References5
OSV
OSV
added 2026/04/01 10:4 a.m.3 views

CLEANSTART-2026-FF20499 Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0

Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.9CVSS6.8AI score0.04518EPSS
Exploits3References41
Patchstack
Patchstack
added 2026/02/04 11:25 a.m.4 views

WordPress Plugin BlueX for WooCommerce plugin <= 3.1.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Plugin BlueX for WooCommerce versions = 3.1.6...

6.3CVSS5.4AI score0.00325EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/14 9:30 p.m.4 views

EUVD-2025-34471

Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.2AI score0.00197EPSS
Exploits0References2
NVD
NVD
added 2025/10/14 8:15 p.m.5 views

CVE-2025-61806

Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...

7.8CVSS0.00188EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/14 7:42 p.m.2 views

CVE-2025-61802 Substance3D - Stager | Use After Free (CWE-416)

Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.3AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/14 7:42 p.m.8 views

CVE-2025-61807 Substance3D - Stager | Integer Overflow or Wraparound (CWE-190)

Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.6 views

PT-2025-42195

Name of the Vulnerable Software and Affected Versions Substance3D - Stager versions 3.1.4 and earlier Description An Integer Overflow or Wraparound issue exists in Substance3D - Stager. Successful exploitation could lead to arbitrary code execution with the privileges of the current user. User...

7.8CVSS7.4AI score0.00188EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-27968

Malicious code in bioql PyPI...

9.3CVSS9AI score0.00371EPSS
Exploits0References1
Rows per page
Query Builder